https://www.owasp.org/index.php/XSS_%28Cross_Site_Scripting%29_Prevention_Cheat_Sheet#RULE_.231_-_HTML_Escape_Before_Inserting_Untrusted_Data_into_HTML_Element_Content
Closes #7215
Conflicts:
actionpack/test/template/erb_util_test.rb
actionpack/test/template/form_tag_helper_test.rb
actionpack/test/template/text_helper_test.rb
actionpack/test/template/url_helper_test.rb
activesupport/lib/active_support/core_ext/string/output_safety.rb
encodings
This reverts commit 10773f94eae0dacf10e2ed0c28f6bb73805c2521.
This test is affected by a bug in Ruby 1.9.3p0 and trunk:
http://redmine.ruby-lang.org/issues/5564
Given we cannot fix it for ourselves, it is better to skip for now so
that we will easily see if further failures are introduced.
Jon Leighton is monitoring the bug report and will revert this when a
suitable solution is found (either a new Ruby release or a generic
workaround).
If you are using 1.9.3 in your app and have templates that are not in
UTF-8, you should add a workaround early on in the boot process. For
example, if your templates are Shift_JIS encoded, then add the
following in an initializer:
Encoding::Converter.new('Shift_JIS', 'UTF-8')
ActionView::Template, we get to see the actual underlying error rather than a NoMethodError.
This shows an encoding bug on Ruby 1.9.3.
This reverts commit 115e80dccc65c3ed9a9750649d9ca4ea2a7e64f1.
This will make sure `render :inline` is working.
Closes #1633
Signed-off-by: José Valim <jose.valim@gmail.com>
rendering.
template handler.
This means that templates do not need to store their source anymore, allowing us to reduce the amount of memory taken by our Rails processes. Naively speaking, if your app/views contains 2MB of files, each of your processes (after being hit by a bunch of requests) will take 2MB less of memory after this commit.
This is extremely important for the upcoming features. Since Rails will also render CSS and JS files, their source won't be stored as well, allowing us to decrease the amount of memory taken.
* Default Encoding.default_internal to UTF-8
* Eliminated the use of file-wide magic comments to coerce code evaluated inside the file
* Read templates as BINARY, use default_external or template-wide magic comments inside the Template to set the initial encoding
* This means that template handlers in Ruby 1.9 will receive Strings encoded in default_internal (UTF-8 by default)
* Create a better Exception for encoding issues, and use it when the template source has bytes that are not compatible with the specified encoding
* Allow template handlers to opt-into handling BINARY. If they do so, they need to do some of their own manual encoding work
* Added a "Configuration Gotchas" section to the intro Rails Guide instructing users to use UTF-8 for everything
* Use config.encoding= in Ruby 1.8, and raise if a value that is an invalid $KCODE value is used

Also:

* Fixed a few tests that were assert() rather than assert_equal() and were caught by Minitest requiring a String for the message
* Fixed a test where an assert_select was misformed, also caught by Minitest being more restrictive
* Fixed a test where a Rack response was returning a String rather than an Enumerable